0 votes
by (120 points)
edited

Hi,

We use XML and Secured Mail messages to communicate with a third party. the XML message is included in the mail message as an AlternateView, and the MailMessage gets signed with an SHA256 hash algorithm.

The problems we are facing now, is a performance issue. It takes everywhere from 5 seconds till 90 seconds to sign a single message. and I have no clue why this is. I would certainly like some pointers where to start searching for this issue.

Thanks for any advice!

Applies to: Rebex Secure Mail

2 Answers

0 votes
by (147k points)
edited

5 to 90 seconds is obviously very long. Unless the messages you are signing are extremely large, the Sign method should be very quick.

We need to determine which operation is actually causing the slowdown. Does this only happen with SHA-256, or have you tried other algorithms as well?

To determine how long the actual signing operation takes, please try running the following code using the same certificate you pass to Sign method:

    using Rebex.Security.Certificates;
    using System.Security.Cryptography;

    // get the certificate
    Certificate certificate = ...;

    // create a hash algorithm instance
    SHA256 sha256 = SHA256.Create();

    // get test data to sign
    byte[] data = {1, 2, 3, 4, 5, 6};

    // generate a hash
    byte[] hash = sha256.ComputeHash(data);

    // sign the hash
    byte[] signature = certificate.SignHash(hash, SignatureHashAlgorithm.SHA256, true);

    // display the result
    Console.WriteLine(BitConverter.ToString(signature));

Does this work, and how long does it take?

Then, try the following code:

        using Rebex.Security.Certificates;
        using System.Security.Cryptography;

        // get the certificate
        Certificate certificate = ...;

        // convert Rebex Certificate to .NET certificate
        X509Certificate2 certificate2 = new X509Certificate2(certificate.Handle);

        // get certificate private key's RSA CSP
        RSACryptoServiceProvider csp = (RSACryptoServiceProvider)certificate2.PrivateKey;

        // get test data to sign
        byte[] data = {1, 2, 3, 4, 5, 6};

        // sign the hash
        string simpleName = CryptoConfig.MapNameToOID("SHA256");
        byte[] signature = csp.SignData(data, simpleName);

        // display the result
        Console.WriteLine(BitConverter.ToString(signature));

This does the same thing, but it converts RebexCertificate to .NET certificate and uses RSACryptoServiceProvider object to sign the data. Is this similarly slow?

by (120 points)
I've modified the code a little bit (we use Vb.Net, and in stead of a console app, I made it a webservice, to simulate the normal processing). It works. Average time it takes on my local machine (Win7 + ASP.NET Dev webserver) is a few miliseconds. Average time it takes on the "slow" server (Win2k3 + SP2 + IIS v6.0) is a few seconds.. I'm starting to think it has something to do with the machine itself.. Any further hints?
by (147k points)
This might be some CryptoAPI related issue. Even few seconds sounds like a way too much, although it's not as bad as 90 seconds you reported with MailMessage (which uses a code equivalent to the one I posted). Which part of the code actually causes the slowdown? Is it the SignHash method or something else?
0 votes
by (140 points)
edited

Sorry for the delay, apparently I did not get any notification there was a new message.

Yes, the slowdown is in the signhash method. A few seconds is the average time it takes to sign even this small message, Only when we stress the machine will the process time climb to the 90 seconds I reported.

I would be gratefull for any help, since this is a subject I'm not (yet) intimatly familliar with.

Regards, Eric

by (147k points)
edited

I added another variant of the test code to my original answer above. It does the same operation using .NET classes. Please give it a try and let me know whether it's slow as well.

(By the way, we have recently changed the forum software and notification should work now.)

...